FSSO issue
Hi
I have fortigate 80c v5.2.5
I have followed the below link instruction and successfully configured FSSO.
https://www.youtube.com/watch?v=0DUqspQ3pzo
But when testing the policy on users' computers nothing happens and the users skip this policy, although I tried with an AD username, a group and even with adding the entire OU.
Another thing; when I went to “User & Device” > “Monitor” > “Firewall” > “Show all FSSO Logons” I found nothing!
FortiGate_80C # diag debug fsso-polling detail
polling frequency: every 10 second(s) success(0), fail(10)
LDAP query: success(0), fail(0)
LDAP max group query period(seconds): 0
most recent connection status: err: server can not be accessible

FortiGate_80C # diagnose debug fsso-polling summary
global: logon: 0
current vdom: root:(id=0)
number of AD servers: 1
number of clients: 1

FortiGate_80C # show user fsso
config user fsso
    edit "Local FSSO Agent"
        set server "127.0.0.1"
        set ldap-server "LDAP server"
    next
end
Labels: 5.2
I agree with superindian.
Better look into using the FSSO agent on your domain controller.
http://cookbook.fortinet.com/providing-single-sign-using-ldap-fsso-agent-advanced-mode-expert/
Anyway, if you want to continue without the FSSO Agent on your domain controller:
You are unable to access your domain controller:

polling frequency: every 10 second(s) success(0), fail(10)
LDAP query: success(0), fail(0)
LDAP max group query period(seconds): 0
most recent connection status: err: server can not be accessible

My guess is wrong AD user permissions, i.e. the user which you are using to poll your domain controller. This user needs access to the Domain Controller Security Log.
Try these debugging commands:
#diag debug application fssod -1
#diag debug enable
http://docs.fortinet.com/uploaded/files/1844/fortinet-single-sign-on-polling-mode-windows-AD-network...
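The reply above blames the polling account's rights on the domain controller. The following PowerShell script is an added example, not code from the thread or from Fortinet, that checks the DC side of an FSSO polling-mode setup in one pass: whether the polling account can actually read the Security log (membership in the built-in Event Log Readers group or Domain Admins, plus the log's channel ACL), whether the account is usable at all, whether TCP 445 is reachable, and whether the DC has produced any recent logon events for the FortiGate to harvest. The account name "fsso-poll", the DC name "DC01", and the event IDs 4768/4776 used as the "logon events" to look for are assumptions; adjust them to your environment. It needs the ActiveDirectory RSAT module and should be run on the DC or a domain-joined admin host.

```powershell
#Requires -Modules ActiveDirectory
# Added example: DC-side checks for FortiGate FSSO agentless polling mode.
# Assumptions (edit for your site): the polling account, the DC name, and the
# Security-log event IDs treated as "logon events" (4768 Kerberos TGT request,
# 4776 NTLM credential validation) are taken as given here.
param(
    [string]$PollAccount       = 'fsso-poll',        # assumed sAMAccountName of the polling user
    [string]$DomainController  = 'DC01',             # assumed DC the FortiGate is pointed at
    [int[]] $LogonEventIds     = @(4768, 4776),      # assumed event IDs to look for
    [int]   $LookbackMinutes   = 10
)

Import-Module ActiveDirectory -ErrorAction Stop
$result = [ordered]@{}

# 1. Group membership. "Event Log Readers" grants read access to the Security log
#    without handing the polling account Domain Admin rights. Recursive lookup so
#    membership through a nested group also counts.
$readers = Get-ADGroupMember -Identity 'Event Log Readers' -Recursive |
           Select-Object -ExpandProperty SamAccountName
$admins  = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
           Select-Object -ExpandProperty SamAccountName
$result.InEventLogReaders = [bool]($readers -contains $PollAccount)
$result.InDomainAdmins    = [bool]($admins  -contains $PollAccount)

# 2. Account state. A disabled, locked-out or password-expired account fails the
#    poll exactly like a wrong password does.
$u = Get-ADUser -Identity $PollAccount -Properties Enabled, LockedOut, PasswordExpired
$result.AccountUsable = [bool]($u.Enabled -and -not $u.LockedOut -and -not $u.PasswordExpired)

# 3. Channel ACL. The Security log's SDDL must grant read (0x1) to a SID the account
#    holds. S-1-5-32-573 is Event Log Readers; Administrators read via the BA entry.
$sddl = (wevtutil gl Security | Where-Object { $_ -match '^\s*channelAccess:' }) -replace '^\s*channelAccess:\s*', ''
$result.SecurityLogSddl        = $sddl
$result.EventLogReadersInSddl  = [bool]($sddl -match 'S-1-5-32-573')

# 4. Reachability. Agentless polling reads the log over SMB, so TCP 445 on the DC
#    must be open from the FortiGate. This tests from the host running the script;
#    repeat it from the FortiGate's subnet if a firewall sits in between.
$result.Smb445Reachable = (Test-NetConnection -ComputerName $DomainController -Port 445 `
                           -WarningAction SilentlyContinue).TcpTestSucceeded

# 5. Anything to harvest? With no recent logon events the FortiGate shows zero FSSO
#    logons even when every poll succeeds.
$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable @{
    LogName   = 'Security'
    Id        = $LogonEventIds
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
} -MaxEvents 50 -ErrorAction SilentlyContinue
$result.RecentLogonEvents = @($events).Count

[pscustomobject]$result | Format-List
```

If InEventLogReaders and InDomainAdmins are both False, or EventLogReadersInSddl is False after a hardened log ACL, the "server can not be accessible" status in `diag debug fsso-polling detail` is expected regardless of the LDAP bind working, since LDAP browsing of OUs and groups uses a different path than reading the event log. Prefer the Event Log Readers route over Domain Admins: the polling credential sits on the firewall, and it should carry no more than log-read rights.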
I'm able to view OUs, user accounts and groups from FSSO; please have a look at the attached photo.
As for the command:

Connected
FortiGate_80C # diag debug application fssod -1
FortiGate_80C # diag debug enable
FortiGate_80C # [fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
(the same three lines repeat)